WO2021196167A1 - Information processing method and apparatus, device, and storage medium - Google Patents

Information processing method and apparatus, device, and storage medium

Info

Publication number
WO2021196167A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
unit
electronic device
server
processing
Application number
PCT/CN2020/083242
Other languages
English (en)
Chinese (zh)
Inventor
许阳
张立海
杨宁
Original Assignee
Oppo广东移动通信有限公司
Application filed by Oppo广东移动通信有限公司
Priority to PCT/CN2020/083242 (WO2021196167A1)
Priority to CN202080093621.2A (CN115004634B)
Publication of WO2021196167A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Definitions

  • the embodiments of the present application relate to the field of communication technologies, and in particular, to an information processing method, apparatus, device, and storage medium.
  • when an application program interacts with an operating system or a communication module within a terminal device, the application program usually carries certain parameter information, for example, the identification of the application program, to distinguish different application requirements; correspondingly, the operating system or the communication module performs corresponding operations according to the received parameter information.
  • the embodiments of the present application provide an information processing method, device, equipment, and storage medium, which are used to solve the current security risks in information interaction within electronic equipment.
  • an embodiment of the present application provides an information processing method applied to an electronic device, including:
  • an embodiment of the present application provides an information processing method applied to a first server, and the method includes:
  • Determining first configuration information for a first unit, the first unit being included in an electronic device or installed on the electronic device, and the first configuration information being used for secure processing of the information to be transmitted;
  • an embodiment of the present application provides an information processing method applied to a second server, and the method includes:
  • Determining second configuration information for a second unit, the second unit being included in an electronic device or installed on the electronic device, and the second configuration information being used for security verification of target transmission information;
  • an embodiment of the present application provides an information processing device, including: an acquisition module and a processing module;
  • the acquisition module is used to acquire security protection information
  • the processing module is configured to perform security protection processing on the information transmitted inside the electronic device according to the security protection information.
  • an embodiment of the present application provides an information processing device, including: a processing module and a sending module;
  • the processing module is configured to determine first configuration information for a first unit, the first unit being included in or installed on an electronic device, and the first configuration information is used for secure processing of information to be transmitted;
  • the sending module is configured to send first target information to the electronic device, where the first target information is the first configuration information or information after security processing of the first configuration information.
  • an embodiment of the present application provides an information processing device, including: a processing module and a sending module;
  • the processing module is configured to determine second configuration information for a second unit, where the second unit is included in or installed on an electronic device, and the second configuration information is used for security verification of target transmission information;
  • the sending module is configured to send the second configuration information to the electronic device.
  • an electronic device including:
  • Processor, memory, transceiver, and interface for communication with other devices;
  • the memory stores computer instructions
  • the processor executes the computer instructions stored in the memory, so that the processor executes the method according to the first aspect.
  • an embodiment of the present application provides a server, including:
  • Processor, memory, transceiver, and interface for communication with other devices;
  • the memory stores computer instructions
  • the processor executes the computer instructions stored in the memory, so that the processor executes the method according to the second aspect.
  • an embodiment of the present application provides a server, including:
  • Processor, memory, transceiver, and interface for communication with other devices;
  • the memory stores computer instructions
  • the processor executes the computer instructions stored in the memory, so that the processor executes the method according to the third aspect.
  • an embodiment of the present application provides a computer-readable storage medium that stores computer-executable instructions, and when the computer-executable instructions are executed by a processor, they are used to implement the method described in the first aspect.
  • an embodiment of the present application provides a computer-readable storage medium that stores computer-executable instructions, and when the computer-executable instructions are executed by a processor, they are used to implement the method described in the second aspect.
  • an embodiment of the present application provides a computer-readable storage medium that stores computer-executable instructions, and when the computer-executable instructions are executed by a processor, they are used to implement the method described in the third aspect.
  • an embodiment of the present application provides a program, when the program is executed by a processor, it is used to execute the method described in the first aspect.
  • an embodiment of the present application provides a program, which is used to execute the method described in the second aspect when the program is executed by a processor.
  • an embodiment of the present application provides a program, which is used to execute the method described in the third aspect when the program is executed by a processor.
  • an embodiment of the present application provides a computer program product, including program instructions, and the program instructions are used to implement the method described in the first aspect.
  • an embodiment of the present application provides a computer program product, including program instructions, and the program instructions are used to implement the method described in the second aspect.
  • embodiments of the present application provide a computer program product, including program instructions, and the program instructions are used to implement the method described in the third aspect.
  • an embodiment of the present application provides a chip, including a processing module and a communication interface, and the processing module can execute the method described in the first aspect.
  • the chip also includes a storage module (such as a memory), the storage module is used to store instructions, the processing module is used to execute the instructions stored in the storage module, and the execution of the instructions stored in the storage module causes the processing module to perform the method described in the first aspect.
  • an embodiment of the present application provides a chip, which includes a processing module and a communication interface, and the processing module can execute the method described in the second aspect.
  • the chip also includes a storage module (such as a memory), the storage module is used to store instructions, the processing module is used to execute the instructions stored in the storage module, and the execution of the instructions stored in the storage module causes the processing module to execute the method described in the second aspect.
  • an embodiment of the present application provides a chip, including a processing module and a communication interface, and the processing module can execute the method described in the third aspect.
  • the chip also includes a storage module (such as a memory), the storage module is used to store instructions, the processing module is used to execute the instructions stored in the storage module, and the execution of the instructions stored in the storage module causes the processing module to execute the method described in the third aspect.
  • the twenty-second aspect of the present application provides a communication system, including: an electronic device, a first server, and a second server;
  • the electronic device is the device described in the foregoing fourth aspect
  • the first server is the device described in the foregoing fifth aspect
  • the second server is the device described in the foregoing sixth aspect.
  • the information processing method, apparatus, device, and storage medium provided by the embodiments of the present application acquire security protection information inside the electronic device and perform security protection processing on the information transmitted inside the electronic device based on that security protection information, thereby avoiding transmission security problems caused by illegal messages transmitted inside electronic devices.
  • FIG. 1 is a schematic structural diagram of an electronic device provided by an embodiment of this application.
  • FIG. 2 is a schematic structural diagram of another electronic device provided by an embodiment of the application.
  • FIG. 3 is a schematic diagram of a flow of data in the electronic device shown in FIG. 2;
  • FIG. 4 is a schematic diagram of another flow of data in the electronic device shown in FIG. 2;
  • FIG. 5 is a schematic diagram of processing integrity protection involved in an embodiment of the application.
  • FIG. 6 is a schematic diagram of a process of encryption protection involved in an embodiment of this application.
  • FIG. 7 is a schematic flowchart of Embodiment 1 of the information processing method provided by this application.
  • FIG. 8 is a schematic structural diagram of an electronic device to which the information processing method provided in an embodiment of the application is applied;
  • FIG. 9 is a schematic flowchart of Embodiment 2 of the information processing method provided by this application.
  • FIG. 10 is a schematic diagram of interaction of Embodiment 3 of the information processing method provided by an embodiment of this application;
  • FIG. 11A is a schematic diagram of an application scenario of an information processing method provided by an embodiment of this application.
  • FIG. 11B is a schematic diagram of another application scenario of the information processing method provided by an embodiment of this application.
  • FIG. 12 is a schematic structural diagram of Embodiment 1 of an information processing apparatus according to an embodiment of this application.
  • FIG. 13 is a schematic structural diagram of Embodiment 2 of an information processing apparatus provided by an embodiment of this application;
  • FIG. 14 is a schematic structural diagram of Embodiment 3 of an information processing apparatus according to an embodiment of this application.
  • FIG. 15 is a schematic structural diagram of an embodiment of an electronic device provided by this application.
  • FIG. 16 is a schematic structural diagram of Embodiment 1 of a server provided by this application.
  • FIG. 17 is a schematic structural diagram of Embodiment 2 of the server provided by this application.
  • FIG. 1 is a schematic structural diagram of an electronic device provided by an embodiment of this application.
  • the electronic device may include a processor, an external memory interface, an internal memory, a bus interface, and so on.
  • the structure illustrated in this embodiment does not constitute a specific limitation on the electronic device.
  • the electronic device may include more or fewer components than those shown in the figure, or combine certain components, or split certain components, or arrange different components.
  • the illustrated components can be implemented in hardware, software, or a combination of software and hardware.
  • the processor may include one or more processing units.
  • the processor may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU), etc.
  • the different processing units may be independent devices or integrated in one or more processors.
  • the external memory interface can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the electronic device.
  • the external memory card communicates with the processor through the external memory interface to realize the data storage function.
  • the internal memory may be used to store one or more computer programs, and the one or more computer programs include instructions.
  • the processor can run the above-mentioned instructions stored in the internal memory to enable the electronic device to execute the information processing methods, various functional applications, and data processing provided in some embodiments of the present application.
  • the internal memory can include a program storage area and a data storage area. The program storage area can store the operating system; it can also store one or more application programs and so on.
  • the data storage area can store data created during the use of the electronic device, etc.
  • the processor may include one or more interfaces.
  • the interface can include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and a Universal Serial Bus (USB) interface.
  • the USB interface is an interface that conforms to the USB standard specification, and specifically may be a Mini USB interface, a Micro USB interface, a USB Type C interface, and so on.
  • the USB interface can be used to connect a charger to charge an electronic device, or it can be used to transfer data between an electronic device and a peripheral device, or it can be used to connect a headset to play audio through the headset.
  • the interface connection relationship between the modules illustrated in the embodiment of the present invention is merely a schematic description, and does not constitute a structural limitation of the electronic device.
  • the electronic device may also adopt different interface connection modes in the foregoing embodiments, or a combination of multiple interface connection modes.
  • the electronic device may further include: a communication module, an antenna, etc., so that the electronic device can implement a communication function.
  • the communication module can be divided into a mobile communication module and a wireless communication module.
  • the antenna is used to transmit and/or receive electromagnetic wave signals.
  • the electronic device may include multiple antennas, and each antenna may be used to cover a single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization.
  • the mobile communication module can provide wireless communication solutions such as 2G/3G/4G/5G that are applied to electronic devices.
  • the mobile communication module may include at least one filter, switch, power amplifier, low noise amplifier, etc.
  • at least part of the functional modules of the mobile communication module may be provided in the processor.
  • at least part of the functional modules of the mobile communication module and at least part of the modules of the processor may be provided in the same device.
  • the wireless communication module can provide wireless communication solutions applied to electronic devices, including wireless local area networks (WLAN), Bluetooth, global navigation satellite system (GNSS), frequency modulation (FM), NFC, infrared (IR) technology, and others.
  • the wireless communication module may be one or more devices integrating at least one communication processing module.
  • the electronic device includes multiple antennas, some antennas are coupled with a mobile communication module, and other antennas are coupled with a wireless communication module, so that the electronic device can communicate with the network and other devices through wireless communication technology.
  • wireless communication technologies may include GSM, GPRS, CDMA, WCDMA, TD-SCDMA, LTE, GNSS, WLAN, NFC, FM, and/or IR technologies.
  • the aforementioned GNSS may include global positioning system (GPS), global navigation satellite system (GLONASS), Beidou navigation satellite system (BDS), quasi-zenith satellite system (QZSS), and/or satellite-based augmentation systems (SBAS).
  • the electronic device may also include other functional modules, such as audio modules, sensors, buttons, cameras, display screens, and a subscriber identification module (SIM) card interface. The functional realization of these modules can be determined according to actual needs and is not repeated in this application.
  • FIG. 2 is a schematic structural diagram of another electronic device provided in an embodiment of the application.
  • multiple applications and operating systems may be installed on the electronic device, and the electronic device includes a protocol layer module.
  • the application is a client that uses an electronic device as a host and displays certain functions through the electronic device, and is located in the application layer of the electronic device.
  • An operating system (OS) is the software implementation basis for each function of an electronic device, and a protocol layer module can implement certain processing functions based on certain set protocols.
  • the following takes the electronic device as a mobile terminal as an example to briefly introduce the electronic device, applications, operating system, and protocol layer modules.
  • mobile terminals are the prerequisite and basis for realizing mobile interconnection.
  • Mobile terminals are devices with strong computing, storage and processing capabilities, and functional components such as touch screens, positioning, and video cameras, but are not limited to these functional components.
  • the mobile terminal has an intelligent operating system and an open software platform.
  • the operating system is the foundation of mobile Internet software technology.
  • the operating system and the mobile Internet software technology include basic middleware, business middleware, and communication middleware to realize application support together.
  • applications can include local applications and Web applications.
  • an application is composed of components, and the interaction, communication, and navigation between the components are realized through the network.
  • the operating system may be Android, iOS, or another type of operating system.
  • the embodiment of the present application does not limit it.
  • Android is an open source operating system based on Linux, mainly used for portable devices. It is the name of an open source mobile phone operating system based on the Linux platform, which consists of an operating system, middleware, user interface, and application software.
  • iOS is an operating system based on the UNIX kernel. It has a Darwin kernel based on the Mach microkernel (in which some tasks of the system kernel are handed over to user-layer processes).
  • the microkernel provides a set of "most basic" services and other services.
  • the "most basic" services include process scheduling, inter-process communication, storage management, and handling of I/O devices.
  • Other services such as file management, network support, etc., are connected to the microkernel through interfaces.
  • FIG. 3 is a schematic diagram of a flow of data in the electronic device shown in FIG. 2.
  • the electronic device may be a terminal device.
  • the following explains the information interaction between the application installed on the terminal device and the protocol layer module included in the terminal device.
  • FIG. 3 uses three applications (APP-1, APP-2, and APP-3) installed on the electronic device for explanation.
  • the protocol layer module may include a policy processing module, a non-access stratum (NAS) layer module, an access stratum (AS) layer module, and other modules that process 3GPP protocols.
  • the protocol layer module of the terminal device can perform connection (for example, protocol data unit (PDU) session) binding.
  • Data streams with different sources can be distinguished by the identification of the source.
  • data streams of different applications can be distinguished by APP ID.
  • a possible internal interaction of the terminal can be referred to as shown in FIG. 3.
  • when APP-3 of the terminal device needs to send data, it first sends a request message to the OS; the request message may carry parameters such as the APP ID to indicate which APP is making the request.
  • the OS sends the request message to the protocol layer module.
  • the policy processing module of the protocol layer module determines which URSP rule needs to be matched according to the processing policy and the APP ID carried in the received request message; the policy processing module then sends a PDU session binding or establishment request to the NAS layer module, which performs the corresponding connection binding or establishment according to the matched URSP rule, and the data is finally passed to the access stratum (AS) layer module and other modules for processing.
  • the data transmission method in Figure 3 helps to realize flexible APP data binding.
  • different APPs (such as APP-1, APP-2, and APP-3) can provide different APP ID characteristics; the policy processing module of the protocol layer module first determines the URSP rule corresponding to the APP ID carried in the received request message, and then interacts with the NAS layer module to bind the data stream of the requesting APP to a specific connection for transmission.
  • the data transmission method of FIG. 3 has security risks.
  • the APP at the application layer may provide an incorrect APP ID, which will cause the protocol layer module to bind the data stream of the APP to a connection that does not belong to the APP for transmission.
  • FIG. 4 is a schematic diagram of another flow direction of the data flow in the electronic device shown in FIG. 2.
  • when the protocol layer module is processing, if the traffic descriptor in a certain URSP rule-1 contains only the APP-3 ID, the PDU session corresponding to that URSP rule is used only for data transmission of APP-3.
  • when APP-1 and/or APP-2 also send a request message to the protocol layer module through the OS, if the APP-3 ID is carried in the request message, the protocol layer module will also bind the data flow of APP-1 and/or APP-2 to the PDU session corresponding to URSP rule-1 for transmission. That is, the data stream of APP-1 and/or APP-2 is bound to a connection that does not originally belong to it, thereby occupying the connection resources of other applications and disrupting the original processing rules, which leads to potential security hazards in the internal information interaction of electronic devices such as terminal devices.
  • the embodiments of the present application provide an information processing method.
  • the electronic device first obtains security protection information, and then performs security protection processing on the information transmitted inside the electronic device according to the security protection information, thereby avoiding the internal transmission of the electronic device.
  • Integrity protection (abbreviated as complete protection)
  • FIG. 5 is a schematic diagram of processing integrity protection involved in an embodiment of this application.
  • the sender and receiver will negotiate the information required to perform integrity protection, that is, the input parameters of the integrity protection algorithm (abbreviation, complete protection algorithm), for example, integrity protection Secret key (abbreviation, complete protection secret key), the first information (which can be a message or a parameter) that needs integrity protection, and other input information (such as count value, random number, etc.), this embodiment of the application does not do it Limited) and so on.
  • the integrity protection algorithm abbreviation, complete protection algorithm
  • integrity protection Secret key abbreviation, complete protection secret key
  • the first information which can be a message or a parameter
  • other input information such as count value, random number, etc.
  • the sender of the data takes the security key, the first information, and other input information as the input of the security algorithm, and the security algorithm processes them to generate an integrity message authentication code (message authentication code-integrity). , MAC-I).
  • an integrity message authentication code (message authentication code-integrity). , MAC-I).
  • the first information after the protection process is sent to the receiving end together with the MAC-I, and the receiving end uses the same method, taking the previously negotiated integrity key, the first information, and the other input information as inputs, to calculate an XMAC-I.
  • the receiving end judges whether the XMAC-I is consistent with the MAC-I carried by the transmitting end, and if they are consistent, it is determined that the integrity protection verification is successful.
  • the MAC-I can be a signature or a character string unique to the first message.
  • XMAC-I can be an expected signature or an expected character string unique to the first message; moreover, the character string unique to each different first message is different.
  • the embodiments of the present application do not limit the specific implementation of MAC-I and XMAC-I, which can be determined according to actual conditions, and will not be repeated here.
  • Encryption protection: that is, preventing the parameter/message from being seen by other attackers while it is being sent.
  • FIG. 6 is a schematic diagram of a process of encryption protection involved in an embodiment of this application.
  • the sender and receiver will negotiate the information required to execute the encryption algorithm, that is, the input parameters of the encryption algorithm, for example, the encryption key and multiple input information (for example, input 1, input 2 and other inputs).
  • the input information may be a parameter such as a count value, a direction value, etc.
  • the embodiment of the present application does not limit the specific expression form of the input information.
  • the sender first uses the encryption key and certain input information to calculate the key stream block through the encryption algorithm, then uses the key stream block to process the plaintext parameters/messages to be transmitted (such as a convolution operation) to generate encrypted parameters/messages, and transmits the encrypted parameters/messages to the receiving end.
  • the receiving end first uses the same input parameters of the encryption algorithm (encryption key and multiple inputs) as the sender to calculate the key stream block, and then uses the key stream block to perform reverse processing (such as deconvolution) on the received encrypted parameters/messages.
  • the complete protection processing and the encryption processing can be used at the same time, or only one can be used, which is not limited in the embodiment of the present application.
  • the integrity protection algorithms and encryption algorithms used in 3GPP NR are mainly as follows:
  • NIA0: Null Integrity Protection algorithm, that is, the null integrity protection algorithm (no integrity protection);
  • 128-NIA1: 128-bit SNOW 3G based algorithm, that is, the 128-bit SNOW 3G integrity protection algorithm;
  • 128-NIA2: 128-bit AES based algorithm, that is, the 128-bit AES integrity protection algorithm;
  • 128-NIA3: 128-bit ZUC based algorithm, that is, the 128-bit ZUC integrity protection algorithm.
  • NEA0: Null ciphering algorithm, that is, the null encryption algorithm (no encryption);
  • 128-NEA1: 128-bit SNOW 3G based algorithm, that is, the 128-bit SNOW 3G encryption algorithm;
  • 128-NEA2: 128-bit AES based algorithm, that is, the 128-bit AES encryption algorithm;
  • 128-NEA3: 128-bit ZUC based algorithm, that is, the 128-bit ZUC encryption algorithm.
  • FIG. 7 is a schematic flowchart of Embodiment 1 of the information processing method provided by this application. This method can be applied to an electronic device.
  • the electronic device is a terminal device.
  • for the schematic diagram of the structure of the electronic device, refer to FIG. 2 above. Referring to FIG. 7, in this embodiment, the method may include the following steps:
  • the security protection information used to perform security protection processing on the information can be obtained first.
  • the security protection information may include one parameter, or may include two or more parameters.
  • the embodiment of the present application does not limit the specific implementation of the security protection information and the number of parameters included, which can be determined according to actual needs, and will not be repeated here.
  • the security protection information may be information pre-stored in the electronic device, or information received from other devices.
  • the embodiment of the present application does not limit it.
  • the security protection information is information pre-stored in the electronic device
  • when there is a demand for information transmission between two units of the electronic device, the two units first obtain the corresponding security protection information based on preset rules.
  • the security protection information required for information transmission between different units may be the same or different, which is not limited in the embodiments of the present application.
  • S701 can be implemented in the following manner:
  • the electronic device may receive the security protection information from other devices.
  • other devices may send the content included in the security protection information to the electronic device through more than one message, and correspondingly, the electronic device may respectively parse and obtain the content of the security protection information from the received messages.
  • other devices can carry the content included in the security protection information in one message and send to the electronic device, or can carry the content included in the security protection information in two or more messages and send to the electronic device.
  • the embodiments of the present application do not limit the content included in the security protection information obtained by the electronic device from several messages, which can be determined according to actual conditions.
  • the security protection information includes at least one of the following information:
  • security calculation information; identification information of the first unit.
  • the first unit is the initiator of the information to be transmitted in the electronic device.
  • the recipient of the information to be transmitted can determine the initiator so as to perform corresponding operations.
  • the secure calculation information may enable the initiator of the information to be transmitted to perform security processing on the information to be transmitted, or enable the receiver of the information to be transmitted to perform security verification on the information to be transmitted.
  • the identification information of the first unit may be information that has undergone security processing, or it may be information that has not undergone security processing, which can be determined according to actual conditions, and will not be repeated here.
  • the security information received by the initiator may not carry the foregoing secure computing information.
  • the security information received by the recipient may not carry the identification information of the first unit. Therefore, the content actually included in the security protection information can be determined according to the actual scenario, and will not be repeated here.
  • the foregoing secure computing information includes at least one of the following information:
  • the content included in secure computing information is mainly used for the realization of security protection processing.
  • the embodiments of this application do not limit the specific content included in secure computing information. As long as the initiator and receiver of the information to be transmitted have agreed on it in advance and the security protection processing can be implemented, that is sufficient.
  • the security protection information may further include: the corresponding relationship between the identification information of the first unit and the security computing information. In this way, the information transmitted inside the electronic device can be targeted for security protection processing, and the processing efficiency is improved.
  • the identification information of the first unit included in it can be understood as the descriptor of the first unit, which can be used to distinguish the security calculation information corresponding to different units in the electronic device.
  • the descriptor of the first unit and the identifier of the first unit transmitted inside the electronic device may be the same parameter or different parameters, which are not limited in the embodiment of the present application.
  • S702 Perform security protection processing on the information transmitted inside the electronic device according to the foregoing security protection information.
  • the initiator and the receiver can respectively process the internally transmitted information, so as to ensure the legitimacy and security of the information transmitted by the initiator and to ensure that the receiver can receive correct and legal information, thereby ensuring that the internal processing rules of the electronic device are correct and solving the hidden security problems of internal transmission.
  • the electronic device first obtains security protection information, and then performs security protection processing on the information transmitted inside the electronic device according to the security protection information, thereby avoiding the transmission security problems caused by the illegal transmission of messages inside the electronic device.
  • FIG. 8 is a schematic structural diagram of an electronic device to which the information processing method provided in an embodiment of the application is applied.
  • the electronic device may include: a first unit and a second unit that can communicate with each other.
  • an operating system and at least one application are installed on the electronic device, and the electronic device includes a protocol layer module.
  • the specific implementation of the first unit and the second unit may include the following situations:
  • the first unit is any one of at least one application
  • the second unit is an operating system or a protocol layer module. That is, the first unit is an application installed on the electronic device, and the second unit is an operating system installed on the electronic device, or the first unit is an application installed on the electronic device, and the second unit is a protocol layer module included in the electronic device.
  • the first unit is the aforementioned operating system
  • the second unit is any application or protocol layer module among at least one application. That is, the first unit is an operating system installed on the electronic device, and the second unit is an application installed on the electronic device, or the first unit is an operating system installed on the electronic device, and the second unit is a protocol layer module included in the electronic device.
  • the first unit is the aforementioned protocol layer module
  • the second unit is any one of the operating system or at least one application. That is, the first unit is a protocol layer module included in the electronic device, and the second unit is an application installed on the electronic device, or the first unit is a protocol layer module included in the electronic device, and the second unit is an operating system installed on the electronic device.
  • the first unit and the second unit may change according to actual scenarios or system changes, which are not limited in the embodiments of the present application.
  • FIG. 9 is a schematic flowchart of Embodiment 2 of the information processing method provided by this application. As shown in FIG. 9, in this embodiment, the above S702 can be implemented through the following steps:
  • the first unit transmits the security-processed target transmission information to the second unit.
  • the target transmission information is first determined.
  • the target transmission information is a message that has undergone security processing.
  • the target transmission information is obtained by the first unit performing security processing on the information to be transmitted.
  • when the first unit needs to transmit the information to be transmitted to the second unit, it first performs security processing on the information to be transmitted according to the received security protection information to obtain the target transmission information, and then transmits the target transmission information to the second unit.
  • the target transmission information is obtained by another device performing security processing on the information to be transmitted.
  • the first unit needs to transmit to the second unit target transmission information that has already undergone security processing; that is, another device has performed security processing on the information to be transmitted based on the security protection information to obtain the target transmission information and has transmitted it directly to the first unit, so that the first unit can directly transmit the received target transmission information to the second unit.
  • the embodiment of the present application does not limit it.
  • the security processing may include: encrypting information and/or integrity protection.
  • the second unit uses the security protection information to perform security verification on the received target transmission information.
  • the second unit may perform security verification on the target transmission information according to the received security protection information.
  • the security verification includes: decrypting information and/or integrity protection authentication.
  • the second unit may perform reverse processing on the target transmission information according to the specific operation of the receiving end in FIG. 5 or FIG. 6 described above. For example, if the target transmission information is obtained through integrity protection processing, the second unit can perform integrity protection authentication on the target transmission information; if the target transmission information is obtained through encryption processing, the second unit can perform encrypted authentication on the target transmission information.
  • the electronic device includes a first unit and a second unit; the first unit can transmit the security-processed target transmission information to the second unit, and the second unit uses the security protection information to perform security verification on the received target transmission information, thereby ensuring the security and legality of the information transmission between the first unit and the second unit.
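The integrity-protection exchange between the first unit and the second unit, with the receiver selecting the secure computing information by the first unit's descriptor, shown as an added example that is not part of the patent text. HMAC-SHA256 truncated to 32 bits stands in for the negotiated integrity algorithm, and the class names, the algorithm label, the keys and the replay check on the count value are assumptions of this example.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Assumption: HMAC-SHA256 truncated to 32 bits stands in for the negotiated
# integrity algorithm. The identifier is a label made up for this example.
ALG_ID = "example-hmac-sha256-32"
ALGORITHMS = {
    ALG_ID: lambda key, data: hmac.new(key, data, hashlib.sha256).digest()[:4],
}


@dataclass(frozen=True)
class SecureComputingInfo:
    """Secret key plus algorithm identification, agreed in advance."""
    key: bytes
    algorithm_id: str


def compute_mac(info, descriptor, count, first_information):
    """Run the integrity algorithm over descriptor, count and first information."""
    desc = descriptor.encode()
    # Length-prefix the descriptor so field boundaries cannot be shifted.
    data = struct.pack(">H", len(desc)) + desc
    data += struct.pack(">I", count) + first_information
    return ALGORITHMS[info.algorithm_id](info.key, data)


class FirstUnit:
    """Initiator (for example an application) holding its own configuration."""

    def __init__(self, descriptor, info):
        self.descriptor = descriptor
        self.info = info
        self.count = 0

    def protect(self, first_information):
        """Return the target transmission information: payload plus MAC-I."""
        self.count += 1
        mac_i = compute_mac(self.info, self.descriptor, self.count, first_information)
        return {"descriptor": self.descriptor, "count": self.count,
                "info": first_information, "mac_i": mac_i}


class SecondUnit:
    """Receiver holding the descriptor -> secure computing info correspondence."""

    def __init__(self, table):
        self.table = dict(table)
        self.last_count = {}

    def verify(self, msg):
        info = self.table.get(msg["descriptor"])
        if info is None:
            return False  # no configuration for this first unit
        xmac_i = compute_mac(info, msg["descriptor"], msg["count"], msg["info"])
        # Constant-time comparison of XMAC-I against the received MAC-I.
        if not hmac.compare_digest(xmac_i, msg["mac_i"]):
            return False
        # Example-only replay check: the count value must strictly increase.
        if msg["count"] <= self.last_count.get(msg["descriptor"], 0):
            return False
        self.last_count[msg["descriptor"]] = msg["count"]
        return True


def demo():
    # Constructed keys, for illustration only.
    cfg1 = SecureComputingInfo(bytes(range(16)), ALG_ID)
    cfg3 = SecureComputingInfo(bytes(range(16, 32)), ALG_ID)
    app1, app3 = FirstUnit("APP-1", cfg1), FirstUnit("APP-3", cfg3)
    policy = SecondUnit({"APP-1": cfg1, "APP-3": cfg3})

    genuine = app3.protect(b"APP-3-ID")
    results = {"genuine": policy.verify(genuine)}

    # APP-1 claims to be APP-3: the receiver selects APP-3's key, so the check fails.
    spoofed = dict(app1.protect(b"APP-3-ID"), descriptor="APP-3")
    results["spoofed_descriptor"] = policy.verify(spoofed)

    # Payload changed after protection: XMAC-I no longer matches MAC-I.
    tampered = dict(app3.protect(b"APP-3-ID"), info=b"APP-1-ID")
    results["tampered"] = policy.verify(tampered)

    # A previously accepted message is presented again.
    results["replayed"] = policy.verify(genuine)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the receiver keys its lookup on the descriptor, a unit that only holds its own secret key cannot produce a MAC-I that verifies under another unit's descriptor.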
  • the foregoing security protection information may include: first configuration information and/or second configuration information.
  • the first configuration information is received by the first unit from the first server
  • the second configuration information is received by the second unit from the second server.
  • the acquired security protection information can be divided into first configuration information and/or second configuration information.
  • when the security protection information includes the first configuration information and the second configuration information, they may be received from the corresponding servers respectively.
  • the first unit receives the first configuration information from the first server
  • the second unit receives the second configuration information from the second server.
  • the first server may be a device for supporting the realization of the functions of the first unit and providing services required by the first unit
  • the second server may be a device for supporting the realization of the functions of the second unit and providing services required by the second unit.
  • if the first unit is an application installed on the electronic device, the first server is an application server; or, if the first unit is an operating system installed on the electronic device, the first server is a manufacturer's server; or, if the first unit is a protocol layer module included in the electronic device, the first server is an operator server.
  • if the second unit is an application installed on the electronic device, the second server is an application server; or, if the second unit is an operating system installed on the electronic device, the second server is a manufacturer's server; or, if the second unit is a protocol layer module included in the electronic device, the second server is an operator server.
  • the specific implementation of the first unit and the first server, the second unit and the second server can be determined according to actual conditions, and will not be repeated here.
  • FIG. 10 is a schematic diagram of interaction in Embodiment 3 of the information processing method provided by an embodiment of the application.
  • the information interaction between the electronic device, the first server, and the second server is used for explanation.
  • the information processing method may include the following steps:
  • the first server and the second server respectively determine security protection information.
  • the first server corresponding to the first unit and the second server corresponding to the second unit may first determine the security protection information required for processing the transmission of the information.
  • the aforementioned security protection information may include first configuration information for the first unit and second configuration information for the second unit.
  • the first server and the second server may directly determine the aforementioned security protection information through information exchange negotiation, that is, the first server determines the first configuration information for the first unit, and correspondingly, the second server determines the second configuration information for the second unit.
  • the first server and the second server may both be connected to a third-party management node, and the third-party management node is used to manage the security protection information of the communication between the first unit and the second unit
  • the first server can obtain the aforementioned security protection information by communicating with the third-party management node
  • the second server can also obtain the aforementioned security protection information by communicating with the third-party management node.
  • the embodiment of the present application does not limit the manner in which the first server and the second server obtain the security protection information, which can be determined according to actual needs.
  • the first configuration information can be used for the security processing of the information to be transmitted; the second configuration information can be used for security verification of the target transmission information.
  • the security protection information may include at least one of secure computing information and identification information of the first unit. Therefore, in this embodiment, the first configuration information and/or the second configuration information may also include at least one of the following information: secure computing information and identification information of the first unit.
  • the security calculation information includes at least one of the following information: secret key, algorithm identification information, and algorithm content information.
  • the second configuration information may further include: the corresponding relationship between the identification information of the first unit and the secure computing information.
  • different first units can use different secure computing information for processing, and the second unit can use the corresponding security calculation information to process the received target transmission information.
  • the first server sends first target information to the electronic device, where the first target information is the first configuration information or information that has undergone security processing using the first configuration information.
  • the processing operation on the first configuration information may include the following specific implementations:
  • the first server directly sends the first configuration information to the electronic device. Specifically, the first server directly sends the first configuration information to the first unit of the electronic device, so that the first unit uses the first configuration information to perform security processing such as encryption and/or integrity protection on the information to be transmitted and then sends the result to the second unit.
  • the first configuration information may include information such as the descriptor of the first unit, which is mainly used to distinguish different units in the electronic device.
  • the first server first uses the determined first configuration information to perform security processing such as encryption and/or integrity protection on the information to be transmitted to obtain the first target information, and then sends the first target information to the first unit of the electronic device, so that the first unit directly sends it to the second unit, or performs other operations.
  • the embodiment of the present application does not limit the specific content of the first target information, which can be determined according to actual conditions.
  • the second server sends second configuration information to the electronic device.
  • after the second server determines the second configuration information, it can send the second configuration information to the electronic device. Specifically, the second server sends the second configuration information to the second unit of the electronic device, so that when the second unit receives the target transmission information from the first unit, it can use the second configuration information to decrypt the target transmission information and/or perform security verification processing such as integrity verification.
  • the second configuration information may be included in other information sent by the second server to the electronic device. That is, when the second server needs to transmit other information to the second unit of the electronic device, the second server can include the second configuration information in the other information and transmit it to the second unit, which can reduce the resource consumption of information transmission and improve resource utilization.
  • the first unit of the electronic device performs security processing on the received first target information to obtain the target transmission information.
  • when the first target information is the first configuration information, the first unit can use it to perform encryption processing or integrity protection processing on the information transmitted inside the electronic device.
  • when the first target information is information that has undergone security processing using the first configuration information, S1004 is optional; in this case, the first target information is the target transmission information to be transmitted by the first unit.
  • the first unit may perform security processing on the information to be transmitted according to the first configuration information, for example, perform processing procedures such as encryption and/or integrity protection on the information to be transmitted.
  • the first unit transmits the securely processed target transmission information to the second unit.
  • the second unit uses the second configuration information to perform security verification on the received target transmission information.
  • the second configuration information is included in other information received by the second unit from the second server.
  • the security verification includes: decrypting information and/or integrity protection authentication.
  • the first server may send the first target information to the electronic device, where the first target information is the first configuration information or information that has undergone security processing using the first configuration information, and the second server sends the second configuration information to the electronic device.
  • the first unit of the electronic device can perform security processing on the received first target information to obtain the target transmission information and transmit it to the second unit, and the second unit uses the second configuration information to perform security verification on the received target transmission information.
  • FIG. 11A is a schematic diagram of an application scenario of the information processing method provided by an embodiment of this application.
  • the electronic device is a terminal device
  • the first unit is one of multiple applications installed on the electronic device
  • the second unit is a protocol layer module included in the electronic device, for example, a UE module
  • the UE module includes: a policy processing module, a NAS layer and an AS layer.
  • the first unit is APP-3
  • the first server is the application server of APP-3
  • the second unit is the policy processing module of the protocol layer module
  • the second server is the operator server.
  • when the electronic device is a terminal device, the operator server is a core network element, such as a policy control function (PCF). Therefore, when the PCF sends the determined security protection information and other parameters to the protocol layer module of the terminal device, in an embodiment, the PCF may first encapsulate the security protection information in a container and then send the encapsulated container to the access management function (AMF), and finally the AMF sends the encapsulated container to the protocol layer module of the terminal device through a NAS message; in another embodiment, the PCF does not encapsulate the security protection information in a container, but transmits it directly to the AMF, so that the AMF uses a NAS message to send the security protection information to the protocol layer module.
  • the security calculation information and the identification of the first unit included in the security protection information may be transmitted through one message, or may be transmitted through different messages.
  • the APP-3 application server and the operator server first determine the secure computing information, for example, the secret key and/or algorithm information used; then, the APP-3 application server sends the secure computing information such as the secret key and/or algorithm information to APP-3 of the terminal device, and the operator server sends the secure computing information such as the secret key and/or algorithm information to the protocol layer module (specifically, the policy processing module) of the terminal device.
  • then, the APP-3 application server and the operator server respectively determine the identification information of the corresponding APP, that is, the APP descriptor, for example, the APP-3 descriptor; the APP-3 application server sends the determined APP-3 descriptor to APP-3 of the terminal device, and the operator server sends the determined APP-3 descriptor to the protocol layer module (specifically, the policy processing module) of the terminal device.
  • the above-mentioned secret key may be one or both of an encryption key and a complete protection secret key.
  • the above algorithm information can be an algorithm identification or specific content of the algorithm.
  • the algorithms that can be used in the embodiments of the present application may include, but are not limited to, the security algorithms and encryption algorithms defined by 3GPP, and they may also be other algorithms, which are not limited here.
  • when the operator server sends the secret key and/or algorithm information to the protocol layer module (specifically, the policy processing module) of the terminal device, it may also include the corresponding relationship between the secure computing information such as the secret key and/or algorithm information and the identification information of the APP, because different APPs can correspond to different secret keys and/or algorithm information (for example, APP-1, APP-2, and APP-3 respectively correspond to different secret keys and/or algorithm information).
  • Table 1 is an example in which the security processing of the information to be transmitted is performed at the APP layer of the terminal.
  • the security protection information mainly includes the identification information of the APP (using the APP descriptor to indicate the APP in the terminal), the key corresponding to each APP (the complete protection secret key and/or the encryption key), and the algorithm corresponding to each APP (complete protection algorithm and/or encryption algorithm)
  • the content that the APP transmits to the OS or protocol layer module is the information to be transmitted, for example, the corresponding APP ID.
  • the APP descriptor and the APP ID may be the same parameter or different parameters, which may be determined according to actual conditions.
  • the parameters in Table 1 may be sent by the application server to the corresponding APP of the terminal device through the application layer, and sent by the operator server to the policy processing module of the protocol layer module through 3GPP signaling (such as NAS signaling).
  • the operator server may send the identification information of the APP to the protocol layer module (specifically the policy processing module) through the processing policy rules, and then there is no need to separately send the identification information of the APP, for example, the APP-3 descriptor, to the protocol layer module (specifically the policy processing module).
  • the application server of the APP can send the above-mentioned secure computing information (key and/or algorithm information) and the identification information of the APP separately, or can send them in the same message; likewise, the operator server can send the aforementioned secure computing information (secret key and/or algorithm information) and the APP identification information separately, or can send them in the same message.
  • the identification information of the APP may be a string or a domain name, as long as the specific APP can be distinguished, and the specific format of the identification information of the APP is not limited in the embodiment of the present application.
  • FIG. 11B is a schematic diagram of another application scenario of the information processing method provided in an embodiment of the present application.
  • the schematic diagrams of FIG. 11B and FIG. 11A include the same structure of the device. The difference is: in FIG. 11A, the security processing of the information to be transmitted is performed on the APP side of the terminal device, while in FIG. 11B, the security processing of the information to be transmitted is performed in the APP application. After being executed on the server side, it is transmitted to the corresponding APP.
  • the application server of the APP can first process the information to be transmitted (for example, the application server of APP-3 processes the APP-3 ID): it first uses the secure computing information (secret key and/or algorithm information) on the application server of the APP to process the APP ID and obtain the processed APP ID, and then sends the processed APP ID together with the APP descriptor to the corresponding APP of the terminal device.
  • the operator server can still send the plaintext APP ID, the APP descriptor, and the secret key and/or algorithm information as usual.
  • the advantage of this is that the APP of the terminal device will not obtain the secret key and/or algorithm information, which avoids the security risk of the plaintext APP ID being leaked.
  • Table 2 is an example in which the security processing of the information to be transmitted is performed on the application server of the APP.
  • the security protection information mainly includes APP identification information (using the APP descriptor to indicate the APP in the terminal), the secret key corresponding to each APP (integrity protection key and/or encryption key), and the algorithm corresponding to each APP (integrity protection algorithm and/or encryption algorithm); optionally, the content delivered by the APP to the OS or protocol layer module is the information to be transmitted after security processing, for example, the APP ID after security processing.
  • APP descriptor and APP ID can be the same parameter or different parameters, which can be determined according to actual conditions.
  • the parameters in the first column (identification information of the APP) and the parameters in the fourth column (the content passed by the APP to the OS layer or protocol layer module) are sent to the APP of the terminal device, and all the parameters in Table 2 can be sent by the operator server to the policy processing module of the protocol layer module through 3GPP signaling (such as NAS signaling).
  • when APP-3 of the terminal device needs to send data, it first sends a request message to the OS layer; the request message can carry the security-processed APP ID.
  • the OS layer then sends the request message, including the processed APP ID, to the policy processing module of the protocol layer module.
  • the policy processing module decrypts the processed APP ID and/or performs integrity verification on it according to the key corresponding to the APP ID that was previously configured or received from the operator server.
  • the plaintext APP ID is then evaluated against the policy processing rules to determine the policy rule corresponding to the APP (such as a URSP rule), and the binding of the connection or the establishment of a new connection is triggered according to the content of the URSP rule.
  • the technical solution of this application can ensure that the 3GPP layer module in the terminal device receives the correct information sent by the APP. Since other APPs have not received the secret key and algorithm, they cannot fake the same APP ID.
  • in the scenario where the merchant server and different over-the-top (OTT) devices negotiate different APP IDs, this plays a role of security protection.
  • the technical solution of this application is not limited to the 5G system; any other system is applicable. Nor is it limited to APP ID verification: any information/parameters sent from the APP layer of a terminal device to the OS or protocol layer module can be secured through the same mechanism, and such other information/parameters can include network slicing parameters, data network (DN) parameters, access APNs, and so on.
  • the embodiment of the present application does not limit the parameters that need to be processed, which can be determined according to the actual situation, and will not be repeated here.
  • the technical solution of this application is not limited to the direction from the APP to the OS layer or protocol layer module.
  • information that the AS/NAS in the protocol layer module sends to the APP (for example, any quality of service (QoS) parameter, UE location information, cell identification, tracking area adjustment information) can also be protected by the same mechanism, and will not be repeated here.
  • FIG. 12 is a schematic structural diagram of Embodiment 1 of an information processing apparatus according to an embodiment of this application.
  • the device can be integrated in an electronic device or realized by an electronic device. As shown in FIG. 12, the device may include: an acquisition module 1201 and a processing module 1202.
  • the obtaining module 1201 is used to obtain security protection information
  • the processing module 1202 is configured to perform security protection processing on the information transmitted inside the electronic device according to the security protection information.
  • the electronic device includes: a first unit and a second unit;
  • the processing module 1202 is specifically configured to transmit security-processed target transmission information to the second unit through the first unit, and, through the second unit, use the security protection information to perform security verification on the received target transmission information.
  • the target transmission information is obtained by performing security processing on the information to be transmitted on the first unit, or the target transmission information is obtained by performing security processing on the information to be transmitted on other devices.
  • the security processing includes: encrypting information and/or integrity protection
  • the security verification includes: decrypting information and/or integrity protection authentication.
  • the security protection information includes: first configuration information and/or second configuration information
  • the first configuration information is received by the first unit from a first server
  • the second configuration information is received by the second unit from a second server.
  • the second configuration information is included in other information received by the second unit from the second server.
  • an operating system and at least one application are installed on the electronic device, and the electronic device includes a protocol layer module;
  • the first unit is any one of the at least one application, and the second unit is the operating system or the protocol layer module; or
  • the first unit is the operating system, and the second unit is any one of the at least one application or the protocol layer module; or
  • the first unit is the protocol layer module, and the second unit is the operating system or any one of the at least one application.
  • the first unit is any one of the at least one application, and the second unit is the protocol layer module.
  • the security protection information includes at least one of the following information:
  • secure computing information; identification information of the first unit.
  • the security protection information further includes: the corresponding relationship between the identification information of the first unit and the security computing information.
  • the secure computing information includes at least one of the following information:
  • the obtaining module 1201 is specifically configured to obtain the content included in the security protection information from at least one message received.
  • the electronic device is a terminal device.
  • the device provided in this embodiment is used to implement the technical solutions of the electronic equipment in the embodiments shown in FIG. 7 to FIG. 10, and its implementation principles and technical effects are similar, and will not be repeated here.
  • FIG. 13 is a schematic structural diagram of Embodiment 2 of an information processing apparatus provided by an embodiment of this application.
  • the device can be integrated in the server or realized by the server. As shown in FIG. 13, the device may include: a processing module 1301 and a sending module 1302.
  • the processing module 1301 is used to determine first configuration information for a first unit, the first unit being included in or installed on an electronic device, and the first configuration information is used for security processing of the information to be transmitted;
  • the sending module 1302 is configured to send first target information to the electronic device, where the first target information is the first configuration information or the information obtained after the first configuration information is security processed.
  • the security processing includes: encrypting and/or integrity protection of information.
  • the first unit is an application installed on the electronic device, and the device is an application server; or
  • the first unit is an operating system installed on the electronic device, and the device is a vendor server; or
  • the first unit is a protocol layer module included in the electronic device, and the device is an operator server.
  • the first configuration information includes at least one of the following information:
  • secure computing information; identification information of the first unit.
  • the secure computing information includes at least one of the following information:
  • the device provided in this embodiment is used to implement the technical solutions of the first server in the embodiments shown in FIG. 7 to FIG. 10, and its implementation principles and technical effects are similar, and will not be repeated here.
  • FIG. 14 is a schematic structural diagram of Embodiment 3 of an information processing apparatus provided by an embodiment of this application.
  • the device can be integrated in the server or realized by the server. As shown in FIG. 14, the device may include: a processing module 1401 and a sending module 1402.
  • the processing module 1401 is configured to determine second configuration information for a second unit, the second unit is included in or installed on an electronic device, and the second configuration information is used for security verification of target transmission information;
  • the sending module 1402 is used to send the second configuration information to the electronic device.
  • the security verification includes: decrypting information and/or integrity protection authentication.
  • the second unit is an application installed on the electronic device, and the device is an application server; or
  • the second unit is an operating system installed on the electronic device, and the device is a vendor server; or
  • the second unit is a protocol layer module included in the electronic device, and the device is an operator server.
  • the second configuration information includes at least one of the following information:
  • the first unit is a unit included or installed in the electronic device that can perform information transmission with the second unit.
  • the second configuration information further includes: a correspondence between the identification information of the first unit and the secure computing information.
  • the secure computing information includes at least one of the following information:
  • the second configuration information is included in other information sent by the apparatus to the electronic device.
  • the device provided in this embodiment is used to implement the technical solutions of the second server in the embodiments shown in FIG. 7 to FIG. 10, and its implementation principles and technical effects are similar, and will not be repeated here.
  • the division of the various units of the above device is only a division of logical functions, and may be fully or partially integrated into a physical entity during actual implementation, or may be physically separated. And these units can all be implemented in the form of software called by processing elements; they can also be implemented in the form of hardware; part of the units can be implemented in the form of calling software by processing elements, and some of the units can be implemented in the form of hardware.
  • the first processing unit and/or the second processing unit may be separately established processing elements, or they may be integrated in a chip of the above-mentioned device for implementation; in addition, they may also be stored in the memory of the above-mentioned device in the form of program code, with the function of the first processing unit and/or second processing unit invoked and executed by a certain processing element of the above-mentioned device.
  • the implementation of other units is similar.
  • all or part of these units can be integrated together or implemented independently.
  • the processing element described here may be an integrated circuit with signal processing capability.
  • each step of the above method or each of the above units can be completed by an integrated logic circuit of hardware in the processor element or instructions in the form of software.
  • the above units may be one or more integrated circuits configured to implement the above methods, for example: one or more application specific integrated circuits (ASIC), or one or more microprocessors (digital signal processor, DSP), or, one or more field programmable gate arrays (FPGA), etc.
  • the processing element may be a general-purpose processor, such as a central processing unit (CPU) or other processors that can call program codes.
  • these units can be integrated together and implemented in the form of a system-on-a-chip (SOC).
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from a website, computer, server, or data center.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or data center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
  • FIG. 15 is a schematic structural diagram of an embodiment of an electronic device provided by this application. As shown in FIG. 15, the electronic device may include: a processor 1501, a memory 1502, a transceiver 1503, and an interface 1504 for communicating with other devices.
  • the memory 1502 is used to store computer execution instructions; the transceiver 1503 is used to communicate with other devices through the interface 1504, and the processor 1501 executes the computer execution instructions stored in the memory 1502, so that the processor 1501 executes the technical solutions of the electronic device in the embodiments shown in FIG. 7 to FIG. 10.
  • FIG. 16 is a schematic structural diagram of Embodiment 1 of a server provided by this application.
  • the server may include a processor 1601, a memory 1602, a transceiver 1603, and an interface 1604 for communicating with other devices.
  • the memory 1602 is used to store computer execution instructions; the transceiver 1603 is used to communicate with other devices through the interface 1604, and the processor 1601 executes the computer execution instructions stored in the memory 1602, so that the processor 1601 executes the technical solutions of the first server in the embodiments shown in FIG. 7 to FIG. 10.
  • FIG. 17 is a schematic structural diagram of Embodiment 2 of the server provided by this application.
  • the server may include: a processor 1701, a memory 1702, a transceiver 1703, and an interface 1704 for communicating with other devices.
  • the memory 1702 is used to store computer-executed instructions; the transceiver 1703 is used to communicate with other devices through the interface 1704, and the processor 1701 executes the computer-executed instructions stored in the memory 1702, so that the processor 1701 executes the technical solutions of the second server in the embodiments shown in FIG. 7 to FIG. 10.
  • the present application also provides a communication system.
  • the communication system includes an electronic device, a first server, and a second server.
  • the electronic device may be the information processing apparatus shown in FIG. 12 or the device shown in FIG.
  • the first server may be the information processing device shown in FIG. 13 or the server shown in FIG. 16, and the second server may be the information processing device shown in FIG. 14 or the server shown in FIG. 17.
  • the first server, and the second server reference may be made to the record in the foregoing embodiment, which will not be repeated here.
  • the present application also provides a computer-readable storage medium in which computer-executable instructions are stored; when the computer-executable instructions are executed by a processor, they are used to implement the technical solutions on the electronic device side in any of the foregoing method embodiments.
  • the present application also provides a computer-readable storage medium in which computer-executable instructions are stored; when the computer-executable instructions are executed by a processor, they are used to implement the technical solutions on the first server side in any of the foregoing method embodiments.
  • the present application also provides a computer-readable storage medium in which computer-executable instructions are stored; when the computer-executable instructions are executed by a processor, they are used to implement the technical solutions on the second server side in any of the foregoing method embodiments.
  • the embodiment of the present application also provides a program, which is used to execute the technical solution on the electronic device side in the foregoing method embodiment when the program is executed by the processor.
  • the embodiment of the present application also provides a program, which is used to execute the technical solution on the first server side in the foregoing method embodiment when the program is executed by the processor.
  • the embodiment of the present application also provides a program, which is used to execute the technical solution on the second server side in the foregoing method embodiment when the program is executed by the processor.
  • the embodiments of the present application also provide a computer program product, including program instructions, which are used to implement the technical solutions on the electronic device side in the foregoing method embodiments.
  • the embodiments of the present application also provide a computer program product, including program instructions, which are used to implement the technical solutions on the first server side in the foregoing method embodiments.
  • the embodiments of the present application also provide a computer program product, including program instructions, and the program instructions are used to implement the technical solutions on the second server side in the foregoing method embodiments.
  • the embodiment of the present application also provides a chip, which includes a processing module and a communication interface, and the processing module can execute the technical solution on the electronic device side in the foregoing method embodiment.
  • the chip also includes a storage module (such as a memory), the storage module is used to store instructions, the processing module is used to execute the instructions stored in the storage module, and the execution of the instructions stored in the storage module causes the processing module to execute the technical solutions on the electronic device side.
  • An embodiment of the present application also provides a chip, which includes a processing module and a communication interface, and the processing module can execute the technical solution on the first server side in the foregoing method embodiment.
  • the chip further includes a storage module (such as a memory), the storage module is used to store instructions, the processing module is used to execute the instructions stored in the storage module, and the execution of the instructions stored in the storage module causes the processing module to execute the technical solutions on the first server side.
  • An embodiment of the present application also provides a chip, which includes a processing module and a communication interface, and the processing module can execute the technical solution on the second server side in the foregoing method embodiment.
  • the chip also includes a storage module (such as a memory), the storage module is used to store instructions, the processing module is used to execute the instructions stored in the storage module, and the execution of the instructions stored in the storage module causes the processing module to execute the technical solutions on the second server side.
  • the disclosed system, device, and method can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the processor may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), etc.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like. The steps in the method disclosed in this application can be directly embodied as being executed and completed by a hardware processor, or executed and completed by a combination of hardware and software modules in the processor.
  • All or part of the steps in the foregoing method embodiments may be implemented by a program instructing relevant hardware.
  • the aforementioned program can be stored in a readable memory.
  • when executed, the program performs the steps of the above-mentioned method embodiments; and the aforementioned memory (storage medium) includes: read-only memory (ROM), RAM, flash memory, hard disk, solid state hard disk, magnetic tape, floppy disk, optical disc, and any combination thereof.
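
The APP-3 request flow described above, in which the APP passes a security-processed APP ID and the policy processing module verifies it before selecting a URSP rule, shown as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 as the integrity protection algorithm (encryption is not shown), the `value.tag` token layout, a request that carries the APP descriptor, and all descriptors, APP IDs, keys and rule names, which are constructed.

```python
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumption: the page names no concrete algorithm. HMAC-SHA256 stands in for
# the integrity protection algorithm; the encryption option is not shown.
ALGORITHMS = {"HMAC-SHA256": hashlib.sha256}


class VerificationError(Exception):
    """Raised when a request fails security verification."""


@dataclass(frozen=True)
class SecurityEntry:
    """One row of security protection information held by the policy module."""
    app_id: str      # plaintext APP ID bound to this descriptor
    key: bytes       # integrity protection key for this APP
    algorithm: str   # name of the integrity protection algorithm


def _tag(key: bytes, algorithm: str, descriptor: str, app_id: str) -> bytes:
    # Length-prefix the descriptor so distinct (descriptor, app_id) pairs differ.
    d = descriptor.encode()
    message = len(d).to_bytes(2, "big") + d + app_id.encode()
    return hmac.new(key, message, ALGORITHMS[algorithm]).digest()


def protect_app_id(key: bytes, algorithm: str, descriptor: str, app_id: str) -> str:
    """Security processing: return the processed APP ID (value plus tag)."""
    enc = base64.urlsafe_b64encode
    tag = _tag(key, algorithm, descriptor, app_id)
    return enc(app_id.encode()).decode() + "." + enc(tag).decode()


class PolicyProcessingModule:
    """Second unit: verifies the processed APP ID, then selects the policy rule."""

    def __init__(self, security_info: dict, ursp_rules: dict):
        self._security_info = security_info  # APP descriptor -> SecurityEntry
        self._ursp_rules = ursp_rules        # plaintext APP ID -> rule

    def handle_request(self, descriptor: str, processed_app_id: str) -> str:
        entry = self._security_info.get(descriptor)
        if entry is None:
            raise VerificationError("no security information for descriptor")
        try:
            body, tag = processed_app_id.split(".")
            claimed_id = base64.urlsafe_b64decode(body).decode()
            received = base64.urlsafe_b64decode(tag)
        except ValueError as exc:  # bad split, bad base64, or bad UTF-8
            raise VerificationError("malformed processed APP ID") from exc
        expected = _tag(entry.key, entry.algorithm, descriptor, claimed_id)
        if not hmac.compare_digest(received, expected):
            raise VerificationError("integrity verification failed")
        # The key shows who produced the value; the configured correspondence
        # decides which APP ID that key is allowed to assert.
        if not hmac.compare_digest(claimed_id.encode(), entry.app_id.encode()):
            raise VerificationError("APP ID not bound to this descriptor")
        return self._ursp_rules[entry.app_id]


def try_request(module, descriptor, processed_app_id):
    """Return the selected rule, or the rejection reason as 'rejected: ...'."""
    try:
        return module.handle_request(descriptor, processed_app_id)
    except VerificationError as exc:
        return f"rejected: {exc}"


def run_demo() -> dict:
    # Constructed sample values: descriptors, APP IDs, keys and rule names.
    alg = "HMAC-SHA256"
    key1, key3 = secrets.token_bytes(32), secrets.token_bytes(32)
    module = PolicyProcessingModule(
        {"app1.descriptor": SecurityEntry("APP-1-ID", key1, alg),
         "app3.descriptor": SecurityEntry("APP-3-ID", key3, alg)},
        {"APP-1-ID": "URSP-rule-1", "APP-3-ID": "URSP-rule-3"},
    )
    genuine = protect_app_id(key3, alg, "app3.descriptor", "APP-3-ID")
    # APP-1 holds only its own key and tries to assert APP-3's ID.
    forged_as_app3 = protect_app_id(key1, alg, "app3.descriptor", "APP-3-ID")
    forged_own_key = protect_app_id(key1, alg, "app1.descriptor", "APP-3-ID")
    return {
        "genuine": try_request(module, "app3.descriptor", genuine),
        "forged_as_app3": try_request(module, "app3.descriptor", forged_as_app3),
        "forged_own_key": try_request(module, "app1.descriptor", forged_own_key),
        "truncated": try_request(module, "app3.descriptor", genuine[:-4]),
        "unknown_app": try_request(module, "appX.descriptor", genuine),
    }


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:15} -> {outcome}")
```

The processed APP ID in this sketch is a static value, so it authenticates the value rather than the sender: when the application server computes it (the FIG. 11B arrangement), the APP has to store it with the same care as a credential.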

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present application provide an information processing method and apparatus, a device, and a storage medium. In an electronic device, security protection information is acquired, and, according to the security protection information, security protection processing is performed on information transmitted within the electronic device, which avoids transmission security risks caused by legitimate messages transmitted within the electronic device.
PCT/CN2020/083242 2020-04-03 2020-04-03 Information processing method and apparatus, device, and storage medium WO2021196167A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2020/083242 WO2021196167A1 (fr) 2020-04-03 2020-04-03 Information processing method and apparatus, device, and storage medium
CN202080093621.2A CN115004634B (zh) 2020-04-03 2020-04-03 Information processing method, apparatus, device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/083242 WO2021196167A1 (fr) 2020-04-03 2020-04-03 Information processing method and apparatus, device, and storage medium

Publications (1)

Publication Number Publication Date
WO2021196167A1 true WO2021196167A1 (fr) 2021-10-07

Family

ID=77927353

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/083242 WO2021196167A1 (fr) 2020-04-03 2020-04-03 Information processing method and apparatus, device, and storage medium

Country Status (2)

Country Link
CN (1) CN115004634B (fr)
WO (1) WO2021196167A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500095A (zh) * 2022-02-25 2022-05-13 上海富数科技有限公司 Data processing method and apparatus, electronic device, and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
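CN101242630A (zh) * 2007-02-05 2008-08-13 华为技术有限公司 Method, apparatus and network system for security algorithm negotiation
CN101854625A (zh) * 2009-04-03 2010-10-06 华为技术有限公司 Security algorithm selection processing method and apparatus, network entity, and communication system
CN107294723A (zh) * 2016-03-31 2017-10-24 中兴通讯股份有限公司 Method and apparatus for generating and verifying message integrity authentication information, and verification system
CN108347410A (zh) * 2017-01-24 2018-07-31 华为技术有限公司 Security implementation method, device, and system
CN109362108A (zh) * 2017-09-30 2019-02-19 华为技术有限公司 Security protection method, apparatus, and system
CN110035042A (zh) * 2018-01-12 2019-07-19 华为技术有限公司 Data transmission method and apparatus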
US20190372995A1 (en) * 2017-08-11 2019-12-05 Huawei Technologies Co., Ltd. Data integrity protection method and apparatus

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050289311A1 (en) * 2004-06-29 2005-12-29 David Durham System and method for secure inter-platform and intra-platform communications
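CN101175074A (zh) * 2006-11-01 2008-05-07 华为技术有限公司 Method and system for implementing end-to-end media stream key negotiation
CN108156143A (zh) * 2017-12-14 2018-06-12 上海格尔安全科技有限公司 Secure communication method between Android applications based on a trusted execution environment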

Also Published As

Publication number Publication date
CN115004634A (zh) 2022-09-02
CN115004634B (zh) 2023-12-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20929093

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20929093

Country of ref document: EP

Kind code of ref document: A1